{ config, pkgs, ... }:
let
  my-python-packages = ps: with ps; [
    # netcup-dns is not (yet) packaged, thus we build it from PyPI
    (
      buildPythonPackage rec {
        pname = "netcup-dns";
        version = "0.2.0";
        # https://nixos.wiki/wiki/Packaging/Python#Fix_Missing_setup.py
        format = "pyproject";
        src = fetchPypi {
          inherit pname version;
          sha256 = "sha256-tZKPe02tHrTelyw30BQsJhdZpmDsggZ0rr4ag0eHtng=";
        };
        propagatedBuildInputs = [
          # Dependencies
          pkgs.python3Packages.requests
          pkgs.python3Packages.nc-dnsapi
          # Build dependencies
          build
          twine
        ];
      }
    )
    # de-p1st-monitor is not (yet) packaged, thus we build it from PyPI
    (
      buildPythonPackage rec {
        pname = "de.p1st.monitor";
        version = "0.11.0";
        # https://nixos.wiki/wiki/Packaging/Python#Fix_Missing_setup.py
        format = "pyproject";
        src = fetchPypi {
          inherit pname version;
          sha256 = "sha256-UeNzQeKfJZ6cJz08E4r0adOQwV7D81AALYwwpHBGneU=";
        };
        propagatedBuildInputs = [
          # Dependencies
          pkgs.python3Packages.psutil
          # Build dependencies
          build
          twine
        ];
      }
    )
  ];
in
{
  # Install de.p1st.monitor and netcup-dns Python packages.
  environment.systemPackages = [
    (pkgs.python3.withPackages my-python-packages)
    # Dependency of de.p1st.monitor.
    pkgs.smartmontools
  ];

  # Configure netcup-dns.
  # Create file `/etc/netcup-dns/netcup-dns-95191.json`.
  deployment.keys."netcup-dns-95191.json" = {
    keyFile = ../../secrets/netcup-dns.json;
    destDir = "/etc/netcup-dns";
    user = "netcup-dns";
    group = "netcup-dns";
  };
  # Create netcup-dns daemon user.
  users.users."netcup-dns" = {
    isSystemUser = true;
    group = "netcup-dns";
    description = "netcup-dns daemon";
  };
  users.groups."netcup-dns" = {};
  # Create netcup-dns timer.
  systemd.timers."netcup-dns" = {
    wantedBy = [ "timers.target" ];
    partOf = [ "netcup-dns.service" ];
    timerConfig = {
      OnBootSec = "0m";
      OnUnitInactiveSec = "3m";

      AccuracySec = "15s";
      RandomizedDelaySec = "15s";
    };
  };
  systemd.services."netcup-dns" = {
    serviceConfig = {
      Type = "oneshot";
      PrivateTmp = true;
      User = "netcup-dns";
      Nice = 19;
      IOSchedulingClass = "idle";
      ExecStart = "${pkgs.python3.withPackages my-python-packages}/bin/netcup-dns";
    };
  };

  # Create de.p1st.monitor timer.
  systemd.timers."de.p1st.monitor" = {
    wantedBy = [ "timers.target" ];
    partOf = [ "de.p1st.monitor.service" ];
    timerConfig = {
      OnBootSec = "0m";
      OnUnitInactiveSec = "3m";

      AccuracySec = "15s";
      RandomizedDelaySec = "15s";
    };
  };
  systemd.services."de.p1st.monitor" = {
    serviceConfig = {
      Type = "oneshot";
      PrivateTmp = true;
      # `smartctl` requires root to access /dev/* devices and read their temperatures.
      User = "root";
      Nice = 19;
      IOSchedulingClass = "idle";
      ExecStart = "${pkgs.python3.withPackages my-python-packages}/bin/de-p1st-monitor";
    };
    path = with pkgs; [
      # Provides `findmnt` binary.
      libuuid
      smartmontools
    ];
  };

  # Start Jinja-Compose project during boot.
  # To few the log, run
  #   journalctl -b -u Jinja-Compose -f
  #
  systemd.services."Jinja-Compose" = {
    description = "Start Jinja-Compose project";
    path = with pkgs; [
      # The `docker-compose` helper script is written in `bash` (!)
      bash
      docker
    ];
    script = ''
      set -eu -o pipefail
      /mnt/data/docker-compose/docker-compose pull
      /mnt/data/docker-compose/docker-compose up -d --wait
    '';
    # Start after login.
    wantedBy = [ "multi-user.target" ];
  };
}